Use cases for different AuthorizedKeysCommand and AuthorizedKeysFile orders
Jochen Bern
Jochen.Bern at binect.de
Wed Jul 21 19:09:12 AEST 2021
On 20.07.21 12:50, Xiaoguang WANG wrote:
> * The authorized_keys file is only used for emergency use.
> * Every login is checked by authorized keys command (it can use other
> servers to auth through the network), and the command can return
> "force nologin" to disable the keys in authorized_keys.
> * In emergency cases (eg: network failure, or command corruption), the
> emergency key in authorized_keys can still be used to recover the
> system.
I don't know how much effort OpenSSH spends on making the
AuthorizedKeysCommand API failsafe, but just on general principle,
*shouldn't* an AuthorizedKeysFile "for emergencies" be considered
*before* an AuthorizedKeysCommand that may be affected (indefinite
hang?) by said emergency?
Otherwise: You IMHO could point AuthorizedKeysFile to an empty File and
replace the current AuthorizedKeysCommand by something like
#!/bin/sh
F="/the/ACTUAL/file/with_the/emergency.pubkeys"
/the/original/AuthorizedKeysCommand "$@"
X=$?
if [ -r "$F" ]; then
cat "$F"
exit $X
else
logger "Emergency config $F is missing or unreadable!!"
exit 1
fi
to get the order you want. (Assuming a unixoid system, that is.)
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20210721/3d9069e4/attachment.p7s>
More information about the openssh-unix-dev
mailing list